Stopping Comment Spam When Hidden Fields No Longer Fool Bots

What to do when JotX spam starts getting through a hidden honeypot field and the comment form suddenly fills with junk submissions.

Hidden honeypot fields can block simple bots, but they are not a permanent anti-spam strategy. In the original case, the site started receiving repeated junk messages even though the existing hidden field used to be enough.

That is the natural lifecycle of weak anti-spam measures: they work until bots adapt.

How to respond

keep the honeypot if it still blocks low-quality noise,
add stronger checks such as captcha or token-based validation,
rate-limit comment submission where possible,
review whether links and suspicious phrases should trigger moderation.

The main lesson is that spam protection should be layered. A single hidden field is a convenience measure, not a security boundary.

Once bots have learned your form, the solution is to raise the cost of automated posting rather than keep tweaking the same weak trap.

Newer post

Fixing Resource Editors That Stop Opening After a Hosting Migration

What to check when snippets, chunks, and templates still open in the manager but resources and configuration pages no longer do.

Older post

Fixing Redirect Loops Triggered by Strange Query Parameters on the Home Page

How to diagnose home-page redirect loops that appear only for certain advertising or malformed query strings.